7223users PreventGovChangeControl PDF
7223users PreventGovChangeControl PDF
7223users PreventGovChangeControl PDF
Controls Governor
Introduction....................................................................................1
Change Control and the GRC Controls Suite .............................................................2
Before You Start...............................................................................................................2
Creating Control Rules Manually ..................................................5
Starting the Change Control Wizard .............................................................................5
Finding Control Rules .....................................................................................................6
Creating Control Rules ....................................................................................................7
Selecting a Block of Controllable Fields ................................................................7
Creating Control Rules for Fields in the Selected Block .....................................8
Using the Translations Tab to Select Record Identifiers.................................. 10
Creating Reason Codes.......................................................................................... 11
Finishing the Control-Rule Generation .............................................................. 12
Defining Subscribers for Control Rules .................................................................... 13
Filter Type Considerations.................................................................................... 14
More Subscriber Fields.......................................................................................... 15
Profiles and Data Subscribers............................................................................... 15
loaded correctly. The spreadsheet includes more than 1,500 change-control objects
that you can tailor to your organizations needs.
Moreover, you can create subscribers for each control rule; in other words, you can
define circumstances under which a control takes effect. For a given field you can,
for example, designate some users who are subject to change control and others who
are not. Or you can impose controls selectively for responsibilities, operating units,
or other entities. If no subscriber is defined for a rule, its control applies universally.
In Flow Rules, define workflow roles to be used for notifications and approvals of
field-value changes. See Appendix A.
In Form Rules, use the Event Tracker to capture information about forms,
blocks, and fields you want to control. This enables the Change Control Wizard
to present the information for selection as you configure control rules. See
Appendix B.
The Change Control Wizard enables you to create new control rules. As an alterna-
tive, you can upload already-created rules from a content spreadsheet (see Chapter
3). In the Wizard, you can also view existing rules, either to modify them or to con-
firm that content-spreadsheet rules have been uploaded correctly.
If you intend to create new control rules, you can simply click on its New button. In
this case, the Wizard becomes the active form but displays no rule data.
However, you can also use the Find form to load existing control rules into the Change
Control Wizard: To search for all rules, simply click on the Find button. Or, to search
for a selection of rules, supply values in any combination of the filtering fields:
Application Name: From the list, select an Oracle EBS application containing
fields for which you want to view control rules. Or, leave the box blank to select
all applications.
User Form Name: This box presents a list of the form names that are visible to
the user of an Oracle EBS application. Choose one containing fields for which
you want to view control rules. Or, leave the list box blank to select all forms.
Form Name: This box presents a list of the form names that are used internally by
the system. If youve made a selection in the User Form Name box, the correspond-
ing internal form name automatically fills this box. If you make a selection in this
box, it overrides the value in the User Form Name box the Change Control
Wizard will display rules governing fields from the form identified by the internal
form name. You can leave this box blank to select all forms.
Block Name: From the list, select a form block containing fields for which you
want to view control rules. Or, leave the box empty to select all blocks in a form
(if you selected one in the Form Name or User Form Name box), or all blocks in
all forms (if you made no form-name selection), or all blocks in all applications
(if you made no application selection).
After entering values, click the Find button. Or, to discard the filtering selection you
have made and start over, click on the Clear button.
After being used, the Find form remains open in the background. To bring it to the
foreground and use it again, click on it (drag any other forms, such as the Wizard,
out of the way). If you close it, you can reopen it: Click on View in the menu bar,
then on Find in the View menu. Or, click on the Find icon, located second from the
left in the tool bar. (It looks like a flashlight.)
Block Name: This box accepts the names of field blocks that appear in the form
you have selected. Choose the block that contains fields for which you want to
create control rules. You must use the Event Tracker (see page 33) before per-
forming this step. Otherwise, no block values appear in the Block Name box.
Note
You can type values into the User Form Name, Application Name, and
Block Name boxes. However, use caution; if you enter an incorrect value,
change control is not properly enabled.
WVR Enabled: You must select the check box if you have chosen a form (in the
Form Name field) associated with a When Validate Record event. Clear the check
box if the form is not. Generally, the Change Control Wizard selects or clears the
box appropriately for the chosen form, and you should accept the default setting.
If a form is associated with a When Validate Record event and the check box is
selected, the control rules take effect when a user attempts to save changes to
any controlled fields on the form.
If the form is not associated with a When Validate Record event and the check
box is cleared, then the fields for which you create Reason Code or Approval
control rules are write-protected. The user can modify each field value in the
Oracle Change Control Request form (see page 23).
Control Type: Select the level of control you want to apply to the field
Audit, Reason Code, or Approval. For control-type definitions, see page 1.
WorkFlow Role: Select the person or role who reviews changes made to the
field. For the Approval control type, you must enter a WorkFlow Role value;
it designates the person who approves changes. For the Reason Code control
type, you may enter a WorkFlow Role value to designate a person notified of
the change. WorkFlow Role does not apply for the Audit control type.
Reason Type: Select the name for a group of reason codes (see Creating
Reason Codes on page 11). A user who changes the Oracle EBS field can
apply any reason code belonging to the group you select here. You must
select a reason type if you selected the Approval or Reason Code control type;
a Reason Type selection does not apply if you selected the Audit control type.
Enable: To set a change-control rule to be active once it has been generated,
select the Enable check box to the right of its row. Clear the check box (and
respond to a confirmation message) to turn off the rule. Or, select or clear the
All check box (at the upper right of the Change Details panel, in the Enable
column) to enable or disable all rules currently displayed in the panel.
Enable Visual Attributes: Select the check box to cause the controlled field to
appear in yellow on its Oracle EBS form. Clear the check box to allow the
field to remain visually undistinguished from other fields. This option applies
only to fields controlled by Reason Code or Approval rules.
Comments: Explain the business risk addressed by the rule you are creating.
3 Click on the Column Translations tab.
Form Field: For each database column name entered under the Primary Key
Columns label, type the name of the corresponding form field. Once again,
use the format BLOCK.FIELD, in which BLOCK is the name by which underly-
ing code recognizes the form block that contains the field, and FIELD is the
name by which underlying code calls the field you want.
2 Click on View in the menu bar, then on Query by Example in the View menu,
and then on Enter in the Query submenu. (Or press the F11 key.)
3 The Reason Type and Description boxes in the Reason Code form turn blue. In
these boxes, type enough information to identify uniquely the group you want to
open. Use % as a wild-card to represent characters you do not enter.
4 Click on View in the menu bar, then on Query by Example in the View menu,
and then on Run in the Query submenu. (Or press Ctrl+F11.)
2 Select the Generate check box for each of the rows for which you want to gen-
erate rules. Or, select the All check box (at the upper right of the Change Details
panel, in the Generate column) to choose all rows displayed in the panel.
3 Click on the Generate Selected Rules button.
4 Click on the Yes button in each of two pop-up messages. (One confirms that
you want to create the selected rules, and the other informs you that all existing
rules will be deleted and then re-created.)
5 Click on Tools in the Oracle menu bar, then on Create Audit Rules Objects in the
Tools menu. Verify that the process has run successfully under View/Requests.
6 Click on the Rules tab to review information about the rules you have generated,
which varies according to control type:
The Rule Name field displays a name for the rule, but is populated only for
the Reason Code and Approval control types.
The Process Name field identifies the workflow process that sends notifica-
tion of a change to a reviewer. Its always populated for an Approval rule, is
populated for a Reason Code rule only if a value for that rule is entered in
the WorkFlow Role field of the Change Details tab, and is never populated
for an Audit rule.
The Audit field displays the name of the audit group that applies to the
controlled field. (The Audit Rules application performs auditing at the
database level. The controlled field corresponds to a database column; the
column exists in a database table; and for changes to columns in a table to be
tracked, the table is placed in an audit group.) This field is populated for all
three control types.
3 To begin the definition, complete at least one row in the Subscribers form. Select
a filter type, an operator, and a value. A rule applies whenever a logical statement
defined by those three entities evaluates to true for example when a users re-
sponsibility (filter type) equals (operator) Purchasing Super User (value). How-
ever, the process you follow to complete this step depends on the filter type you
select; see Filter Type Considerations (below).
4 Optionally, complete additional rows in the Subscribers form to create a subscriber
definition that consists of several criteria. If you do, make appropriate selections
in the And/Or and Group fields, and in any case, use additional controls to com-
plete the subscriber definition. See More Subscriber Fields (page 15).
case the rule would apply whenever the field you selected contains no value. Or, you
might select the Equal operator, the Static Field Type, and a constant value as the
Dependent Value; if so, the rule would apply whenever the value in the field is the
specified constant.
7 If you choose to view a request log, click on the Specific Requests button. Type
the ID number for your request in the Request ID field, and click on the Find
button. A Requests form opens; click on its View Log button.
3 Open the Change Control Wizard (page 5). Click on Tools in the menu bar, then
on Create Audit Rules Objects in the Tools menu. A pop-up note informs you of
a concurrent request ID number. Click on the OK button to clear the message.
which the Enabled Flag check box is cleared; or leave the parameter blank to
export rules configured in both ways.
Then, use the file you create to run the Data Governor Content Load concurrent
request on the destination instance. (Follow the procedure described in Upload-
ing Rules from a Content Spreadsheet, page 18.)
When you enter or modify data in an Oracle EBS field that is subject to change
control, your process depends on the control type assigned to the field.
Audit
If a field is under Audit change control, any change you make is captured and avail-
able for reporting. However, you need not select a reason code or obtain an approval,
so there is no change to your ordinary procedure. Fields under Audit change control
are not distinguished visually from fields that are not subject to change control.
quest form to offer reasons, and if appropriate to begin the approval process, for
all the changed fields at once.
If not, the controlled fields are write-protected, and a user cannot make changes
to them directly. For each field, the user would instead open the Change Control
Request form and enter the new field value there as well as offer a reason for
the change and, if appropriate, initiate the approval process. In this case, the user
can modify only one field at a time in the Change Control Request form.
4 Click on Actions in the Oracle EBS menu bar, then on Oracle Change Control
Request in the Actions menu. The following form appears:
The form devotes a row to each of the changes you are making (and, in other
rows, displays information on changes made in prior sessions). In each row that
applies to a new change, most of the fields provide information but do not accept
input. These include User Field Name, Original Value, New Value, Request
Date, Requested By, and Status.
5 In each row that applies to a new change, click in the Reason field to select a
reason from a list of those configured for the field.
6 In the Comments text box, you may add any comments you deem appropriate.
These comments appear on the Change History Report (see page 27). The Com-
ments text box displays information specific to whatever row youve selected in
the grid it presents an already-recorded comment for an old change or, for a
new change, it clears so that a new comment may be entered.
7 Click on the Done button.
1 When you close the Change Control Request form, the following message appears,
informing you that the approval workflow process has begun. Click the OK but-
ton to clear it.
2 The individual (or workflow role) assigned to approve the change receives a noti-
fication that the change is pending.
3 The user clicks on the notification to open it. He reviews the information and
optionally adds a comment:
Reports offer information about control-rule configuration, the changes made to the
fields those rules control, and the resolution of changes that require approval. Open
reports in the Oracle Governance, Risk, and Compliance Controls Suite:
1 Open your web browser. In its Address field, type the URL for your Govern-
ance, Risk, and Compliance Controls Suite instance. Press the Enter key.
2 A Sign In dialog box appears. Type your user name and password in the appro-
priate fields, and click on the Sign In button.
3 The GRC Controls Suite opens. Click on its Reporting tab.
4 A Folders area to the left of the Reports panel presents a hierarchical display of
available reports and the folders that contain them. In it, click on Public Folders,
then Report Center, and then Change Control.
5 In the larger panel on the right, click on the link for the report you want. You
will be prompted to enter parameter values. Because parameters vary by report,
appropriate values for them are discussed in the report descriptions that follow.
Note
An AGSuper User, or a user assigned the Manager reporting role, can view
all three of these reports. A user assigned the Auditor reporting role can
view all but the Approver Performance Report. Users assigned other report-
ing roles cannot view any of these reports. Reporting roles are assigned to
users in the GRC Controls Suite.
Exporting a Report
When you generate a report, it appears in the larger panel on the right of the Reports
browser. For ease of viewing, however, you may want to export it to another format,
such as Adobe Acrobat. To do so:
1 Click on the Export icon in the Reports browser. (It looks like two juxtaposed
rectangles, representing a disc and a sheet of paper. It appears only when a report
has been generated, and is located at the upper left corner of the larger panel in
the Reports browser.)
2 An Export Report dialog appears. In it, select a destination program in the File
Format field (for example, Adobe Acrobat). Then click on the OK button.
3 A dialog presents you with options appropriate to the program to which youve
elected to export the file for example, save or open in Adobe Acrobat. If you
select the open option, the report opens in a new window. If you select the save
option, you can specify a file path and name to which to save it.
EBS data and the other holds Preventive Controls Governance data. Choose the
latter. If your site accepted default names, its name contains the value XXLAAPPS. If
not, consult your database administrator to distinguish the two data sources. You
supply this value twice for each report, first to generate a list of parameters and then,
within that list, to generate the report itself.
Application: Select any number of, or all, application names for the report to list
changes to fields accessible from the applications you choose.
User Form Name: Select any number of, or all, form names to have the report
list changes to fields that appear in the forms you choose. You can select only
forms available in the applications you selected in the previous parameter.
User Field Name: Select any number of, or all, field names to have the report list
changes to the fields you choose. You can select only fields available in the forms
you selected in the previous parameter.
Control Type: Select any combination of Audit, Reason Code, and Approval to
view changes to fields that are subject to rules of the control types you select. Or,
select All to list fields subject to rules of any control type.
Request Date: In the Start of Range and End of Range fields, select beginning
and ending dates to view changes within the range you specify. You may enter
dates in the Start and End fields; in that case, clear the No Lower Value and No
Upper Value check boxes. Or you may omit the start date and select the No
Lower Value check box to start with the earliest existing field-value change, or
omit the end date and select the No Upper Value check box to finish with the
latest existing field-value change.
If you do enter actual dates, select an Include This Value check box (for either or
both dates) to include the value you specify in the period, or clear the check box
to exclude the value (thus selecting field-value changes that begin after but not on
the start date, or end before but not on the end date). You can click on the calen-
dar icons to select dates.
Notification to/Approved By: Select one or more user names to view changes
for which those users are the approvers (for fields subject to Approval rules) or
the recipients of notifications (for fields subject to Reason Code rules). Or select
All to view changes for which anyone (or no one) may be an approver or
notification recipient.
Requested By: Select one or more user names to view changes made by those
users, or select All to view changes made be all users.
Workflow Role: Select any number of workflow roles to have the report list
fields subject to Approval or Reason Code rules that name the selected workflow
roles as reviewers.
Control Type: Select any combination of Audit, Reason Code, and Approval to
focus the report on fields that are subject to rules of the control type you select.
Or, select All to list fields subject to rules of any control type.
Control Status: Select Active or Inactive to have the report list fields whose con-
trols are either enabled or disabled, or select All to have the report list both types.
Print Comments: Select Y to have the report include, for each field it lists, the
comment configured for the control rule to which the field is subject. Or, select
N to exclude comments.
Include Graph: The report can display data not only textually, but also graphi-
cally. Select Y to include, or N to exclude, graphs in a report.
Report Output: Select Print to produce report output in a document format, or
Export to produces report output in a tabular format.
You must assign workflow role to each Approval control rule you configure, and you
may assign one to each Reason Code rule; the role specifies one or more people who
may, depending on the control type, by notified of a field-value change or be
required to approve or reject it.
To create a workflow role, log on to Flow Rules:
1 Log on to Oracle E-Business Suite.
2 Select GRC Controls in your list of responsibilities. (Ensure first that this
responsibility is available to you.)
3 Under the Oracle Embedded Agent heading, click on the Flow Rules link.
4 An Oracle Rules form appears. It provides access to all three of the embedded
agents; make sure that the Flow Rules tab is selected.
For the purposes of creating change-control rules, your only interest in the Flow
Rules agent is to create workflow roles. To do so, you use one option available from
the menu bar; you can ignore the Flow Rules form.
To create a workflow role:
1 Click on Flow Rules in the menu bar, and then on Define Roles in the Flow
Rules menu. An Approval Roles form opens (as shown at the top of the next
page).
The Event Tracker, a feature available in Form Rules, gathers information about
forms, blocks, and fields in Oracle EBS. Once the Event Tracker has been run in
forms containing fields you want to control, the Change Control Wizard can present
appropriate information for selection as you create control rules.
To use the Event Tracker, create a rule in Form Rules. A typical Form rule consists
of elements, each of which targets a form, block, or field and specifies an event
that triggers processing. Each element then defines customizations to the target
form, block, or field. In this case, however, the rule exists only to enable you to run
the Event Tracker, which is one of the events an element can specify. So the rule will
consist of one element for each Oracle EBS form that contains fields you want to
place under change control, but it wont define any customizations.
To run the Event Tracker:
1 Log on to Oracle E-Business Suite.
2 Select GRC Controls in your list of responsibilities. (Ensure first that this
responsibility is available to you.)
3 Under the Oracle Embedded Agent heading, click on the Form Rules link.
4 An Oracle Rules form appears (as shown at the top of the next page). It provides
access to all three of the embedded agents; make sure that the Form Rules tab is
selected: